10 Steps to Better Security Incident Detection

10 Steps to Better Security Incident DetectionBrian Honan, BH ConsultingCindy Valladares, Tripwire, Inc.

IT SECURITY & COMPLIANCE AUTOMATION

Today’s Speakers

Brian Honan

BH Consulting

Cindy Valladares

Tripwire, Inc.

Headquartered in Portland, Oregon Founded in 1997 | Open source legacy since ‘80s Over 315 employees worldwide

Over 5,500 customers in 87 countries 43% of Fortune 500 rely on Tripwire

Award-winning, patented technology

Helping You Piece IT Together

http://www.bhconsulting.ie info@bhconsulting.ie

10 Steps to Better Security Incident Detection

Infosec Certainties

Systems Under Constant Threat

Threats Are Evolving

Resurgence of Hacktivism

WE DO NOT FORGIVE. WE DO NOT FORGET. EXPECT US

Traditional IT Security

Breach Detection

Detected by 3rd PartyDetected by Org

Source: Verizon DBIR 2012

Time To Discover Breach

More than 1 WeekLess than 1 Week

Avoidable?

Avoidable Using Simple ControlsNot avoidable

Difficulty

Not DifficultDifficult

Examples of Bad IR

Why Are We Bad in Detecting Incidents?

Are Tools Fit For Purpose?

Volume of Information

Drowning In Data

The Rumsfeld Effect

Results in You In Line Of Fire

So …

Improving Incident Response

Detect Incidents Early

(1) Understand Your Business

(2) Analyze Network Patterns

(3) Segment Your Information

(4) Harden Systems

(5) Monitor Logs

(6) Use Security Tools

(7) Train Staff & Partners

(8) Use Open Source Data

(9) Set Traps

(10) Share with Peers

More Information

White Paper:

“10 Steps for Early Incident Detection”

Available Online In the Resources Section on Tripwire Inc.’s website.

http://www.tripwire.com/data-security/

Tripwire Secures Today’s Enterprise

Prevent attacks by implementing secure configurations and enforcing security policies

Reducethe AttackSurface

Find Vulnerabilities & Attacks Faster

MakeSecurity Data

Useful

Continuously monitor systems to identify, evaluate,and prioritize evidence of compromise

Make risk and incidentsvisible, measurable and actionable

Tripwire Security Solutions

Tripwire Solutions

Content Context Analytics Workflow

System Hardening

Incident Detection

Continuous Monitoring

Questions ?

10 Steps to Better Security Incident Detection

Technology

Transcript of 10 Steps to Better Security Incident Detection

Targeted SOC Use Cases for Effective Incident Detection ... · Targeted SOC Use Cases for Effective Incident Detection and Response ... “SOC” is intended as “Incident Detection

A Complete Review of Incident Detection Algorithms & Their ...transctr/pdf/netc/netcr37_00-7.pdf · A Complete Review of Incident Detection Algorithms & Their Deployment: What Works

Advanced Incident Detection and Threat Hunting using ... · PDF fileAdvanced Incident Detection and Threat Hunting using Sysmon (and Splunk) Tom Ueltschi, Swiss Post CERT Botconf 2016

A FRAMEWORK FOR INCIDENT DETECTION AND NOTIFICATION …inets/papers/abuelela-dissertation.pdf · A FRAMEWORK FOR INCIDENT DETECTION AND NOTIFICATION IN VEHICULAR AD-HOC NETWORKS Mahmoud

A Complete Review of Incident Detection Algorithms & Their …docs.trb.org/00988875.pdf · 2006-12-21 · A Complete Review of Incident Detection Algorithms & Their Deployment: What

Vehicle Tracking for Incident Detection- MnDOT DETECTING AND TRACKING IN VIDEO FOR INCIDENT DETECTION Nitin Agarwal Nicholas Andrisevic Kiran Vuppla Marian S. Stachowicz mstachow@d.umn.edu

Incident Response & Evidence Management presentation.pdf · No defenses are fool proof Detection Indicates that security has been breached Incident Response After the incident has

5 Steps to Improve Your Incident Response Plan

Targeted SOC Use Cases for Effective Incident Detection and Response … · Targeted SOC Use Cases for Effective Incident Detection and Response SANS DFIR SUMMIT PRAGUE 2016 David

Six steps for building a robust incident response function

Flexible Inference for Cyberbully Incident Detection · Flexible Inference for Cyberbully Incident Detection Haoti Zhong 1David J. Miller Anna Squicciarini2 1 Pennsylvania State University,

Trends in Digital Forensics & Incident Response · Several Incident Response or Incident Handling frameworks One popular approach has 6 steps Steps 1 & 2 are Preparation and Identification

Fraud Detection Incident Response - Wild Apricot › resources › Documents › Seminar Col… · Fraud Detection & Incident Response John@JohnHallSpeaker.com (970) 926-0355 Page

Advanced Incident Detection and Threat Hunting using ...security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom... · Advanced Incident Detection and Threat Hunting using

Dynamic Traffic Flow Modeling for Incident Detection and ... · PDF filedynamic traffic flow modeling for incident detection and short-term congestion prediction: year 1 progress report

Towards a Learning Incident Detection System

Incident Detection Algorithm Evaluation (MPC-01-122) · INCIDENT DETECTION ALGORITHM EVALUATION Dr. Peter T. Martin, Associate Professor Joseph Perrin, Ph.D., PE, PTOE Blake Hansen,

Incident Detection Algorithm Evaluation (MPC-01-122)

Tackling Attack Detection and Incident Response · Tackling Attack Detection and Incident Response Research and Analysis by Intel Security and ESG By Jon Oltsik, Senior Principal

A Complete Review of Incident Detection Algorithms & Their